solid-client-authn-js icon indicating copy to clipboard operation
solid-client-authn-js copied to clipboard
verified publisher icon inrupt

Log out from the identity provider when logging out from a session

Open NoelDeMartin opened this issue 5 years ago • 2 comments

This is a follow up to the discussion that started in #894.

In short, when logging out from a session, users are still logged in on their identity provider so it would be possible to log into the application again without introducing the password.

This is the expected behaviour, and it's not the responsibility of this library to log out from the identity provider as well. However, in some use-cases this can be a UX problem for users who are not familiar with Solid and may not be aware that the identity provider exists as a different service.

I think it'd be useful to implement this as an optional feature, but it is not straight forward so we can use this issue to discuss about it and gather use-cases.

NoelDeMartin avatar Jan 07 '21 11:01 NoelDeMartin

Hi @NoelDeMartin ,

Thanks for the suggestion. Indeed this is something we are actively doing some research on at Inrupt. As you well pointed out, this goes beyond this library and is more a UX problem.

We'll keep this issue updated with all developments in this area.

Cheers, Nicolas.-

nicolasmondada avatar Feb 01 '21 11:02 nicolasmondada

Talking with @jaxoncreed he told me this is part of a draft spec from OpenID: https://openid.net/specs/openid-connect-rpinitiated-1_0.html

I tried looking at the /.well-known/openid-configuration response for NSS, ESS and CSS, and all of them seem to implement this because they return a url for end_session_endpoint. So even though it's a draft spec, it seems like it's well supported in practice.

What do you think about implementing this? As I mentioned, this may be an optional feature, so even if it's not the default behaviour I'd like being able to call this endpoint from my apps.

NoelDeMartin avatar Sep 09 '21 17:09 NoelDeMartin